package com.cuckoo.configuration;

import com.cuckoo.common.AuthRealm;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;




/**
 * Shiro配置类
 */

@Configuration
public class ShiroConfiguration {

    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager){
        ShiroFilterFactoryBean bean=new ShiroFilterFactoryBean ();
        bean.setSecurityManager ( manager );
        //bean.setLoginUrl ( "/login" );
        //bean.setSuccessUrl ( "/unauth" );
        /*权限不足的页面*/
        bean.setUnauthorizedUrl ( "/unauth" );
        LinkedHashMap<String,String> filterChainDefinitionMap=new LinkedHashMap<> (  );
        filterChainDefinitionMap.put ( "/index/**","authc" );
        filterChainDefinitionMap.put ( "/","anon" );
        filterChainDefinitionMap.put ( "/login","anon" );
      /*  filterChainDefinitionMap.put ( "/loginUser","anon" );
        filterChainDefinitionMap.put("/admin", "roles[admin]");
        filterChainDefinitionMap.put("/edit", "perms[edit]");
        filterChainDefinitionMap.put("/druid/**", "anon");
        filterChainDefinitionMap.put ( "/**","user" );*/
        //配置shiro默认登录界面地址，前后端分离中登录界面跳转应由前端路由控制，后台仅返回json数据
        bean.setLoginUrl("/");
        bean.setFilterChainDefinitionMap ( filterChainDefinitionMap );
        return bean;
    }

    @Bean("securityManager")
    public SecurityManager securityManager(@Qualifier("authRealm") AuthRealm authRealm){
        DefaultWebSecurityManager manager=new DefaultWebSecurityManager (  );
        manager.setRealm ( authRealm );
        /*记住我*/
        manager.setRememberMeManager ( rememberMeManager() );
        return manager;
    }


    @Bean("authRealm")
    public AuthRealm authRealm(){
        AuthRealm authRealm=new AuthRealm ();
        //authRealm.setCredentialsMatcher ( credentailMatcher);
        return authRealm;
    }


   /* @Bean("credentailMatcher")
    public CredentailMatcher credentailMatcher(){
        return new CredentailMatcher ();
    }*/

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager securityManager){
        AuthorizationAttributeSourceAdvisor advisor=new AuthorizationAttributeSourceAdvisor ();
        advisor.setSecurityManager ( securityManager );
        return advisor;
    }

    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator creator=new DefaultAdvisorAutoProxyCreator ();
        creator.setProxyTargetClass ( true );
        return creator;
    }
    /**
     * cookie对象;
     * @return
     */
    public SimpleCookie rememberMeCookie(){
        //这个参数是cookie的名称，对应前端的checkbox的name = rememberMe
        SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
        //<!-- 记住我cookie生效时间30天 ,单位秒;-->
        simpleCookie.setMaxAge(2592000);
        return simpleCookie;
    }

    /**
     * cookie管理对象;记住我功能
     * @return
     */
    public CookieRememberMeManager rememberMeManager(){
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        cookieRememberMeManager.setCookie(rememberMeCookie());
        //rememberMe cookie加密的密钥 建议每个项目都不一样 默认AES算法 密钥长度(128 256 512 位)
        cookieRememberMeManager.setCipherKey( Base64.decode("3AvVhmFLUs0KTA3Kprsdag=="));
        return cookieRememberMeManager;
    }


}
